Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp875354ybv; Fri, 7 Feb 2020 10:04:29 -0800 (PST) X-Google-Smtp-Source: APXvYqwMmf+uikPK20yYHk3Fj5QkyaZEP57n5BB/cXfurt4sW2rcBrmqna+u8q5g5BRGry/doXs6 X-Received: by 2002:a9d:74c4:: with SMTP id a4mr451639otl.119.1581098669607; Fri, 07 Feb 2020 10:04:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581098669; cv=none; d=google.com; s=arc-20160816; b=qRNy0tCOxw6S3OoRXIpXyr3ju24nGHdcjC9/hj2VdfxtC2GsOa6G8x2oWuAiaFmEPA YwH+kcPKsSj+2s+w1i1mzt2RTbqY782asL/mUQwezNJMEVfjo5KWQpflfzDX+Ei0C0MR /4wbtJN3ttnhiYLkn8PKzzRyWN/rH1OGxgHB34wguO2iq+uo9MIi26dOaKn6RsFR/1A5 65/MnhKAoe/BUVqvPgIwz7VLwQLxZcInNZ6IiY2n9VcO2MhBpCfignQoPq/IA+Gv8yst qQ+asUPA9LTsaU4PPo5fAClZ3mK6tFuj1x/ww8tHGtss5QodxaDFQ9IWkIJ9MeLErXS0 pvRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature; bh=iKjEZXvKKVcsWaI7ym2KttzdoB/EiCc42gBxG/ve1HE=; b=UlNtGTkXr66+5Jmuf65hNWTL8PPvfrMydg+UT6cgDLkhgyXinaZJR+YrOAzPEreR7D trM6PUf0eGhM8Gy4mlMV7u9rdkSTe1Wlb25JW1ZoUtVlESkpyPqMkUHOOHAp78zKX7Ei 7s+jL1BJKaP0sp1Xla+/21ykz2uYy9wtb+eCLagrhaoJ8gDxLUcRPVvlDJT8/Uca1PfS j5MYJ+1uBkqBInOIQRicKyOaUWqHqXps2twaxXskL+3Q/7GRLmwtvoAOclYivxSM02aJ uWIyyvDfs1nwgGlkYkwMdBd0r9lFDSa4Gebwgcgs3JUwMmP0EP4Q3IEchHO5QHS4qnn2 TqLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=gDNjzVrH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d3si3927842oia.236.2020.02.07.10.04.15; Fri, 07 Feb 2020 10:04:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=gDNjzVrH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727011AbgBGSCw (ORCPT + 99 others); Fri, 7 Feb 2020 13:02:52 -0500 Received: from mail-yb1-f201.google.com ([209.85.219.201]:39280 "EHLO mail-yb1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726900AbgBGSCw (ORCPT ); Fri, 7 Feb 2020 13:02:52 -0500 Received: by mail-yb1-f201.google.com with SMTP id a140so2713347ybg.6 for ; Fri, 07 Feb 2020 10:02:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=iKjEZXvKKVcsWaI7ym2KttzdoB/EiCc42gBxG/ve1HE=; b=gDNjzVrHvKMFTQCFsIM4J+qmSZzKqJ6pjINTMCtV6GCnxkS9bWToX/Y7xbkb+A3BDU BG7girIrsDQZf30Fla4zwIn/uYke9+gN9WYJ37tHJS0UCJ1NOXhqpu6CXZy5gt76lVq1 hMFOpKyvDkQSFnaL/WVIg1c4lfLL/MZHN+OC6qHtiUWwLxPdlVOZVQTG7GkNpejL+Wtp RyyWyJ1obapU77yE+1ZScpmgkSaWzo84v3k9Bss2jm1uk2sl9MOYTfuNUd87dh9m6/qv zwDaDmlEWABrXP0KCozHVo39yHMf4vTFKGS2u2BsFFf/esrXDo19vauBjGw6p/GWCA2Z AtqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=iKjEZXvKKVcsWaI7ym2KttzdoB/EiCc42gBxG/ve1HE=; b=pLN3NcegJCkyMnVY2BZsnUExN4ytTG5GJhRKYBEkh5NSAUr8IBOm8X7/91iV17cgyg WUufo10y+Xlt51gF+TYYxB2Z417g1iVbP1L8aZgdJlDPLn/DuinjvMNdsRCkrp0lhJdQ 7EVUdgiuURQlwR7jGE+CielGselI2Tgmj7TuUloS0hhkU9YS28OKCl+SoZGU35xxHY39 pyDW0TTdMF4vh2piZOD4JT4kjhHCLBfrDK/FQXpBe0d+97TGLIvk0RPAZvEtYQIErxSt 4yYP6ZnzpwZvrK1/6fHudeMnsySd9wc4a3UoFw8RJmgShCas3sP0gf8STFBE7BWxP9yQ liOw== X-Gm-Message-State: APjAAAWgRDA3xIfcRVKD2ure7maF+jYihWByY8Q4IPvnuBfYlmZ34Tdf Z+dV0Oy9/c5vbc1uvAghDyoCqkCMO1+Poh8= X-Received: by 2002:a25:c04f:: with SMTP id c76mr306526ybf.355.1581098571073; Fri, 07 Feb 2020 10:02:51 -0800 (PST) Date: Fri, 7 Feb 2020 10:01:49 -0800 Message-Id: <20200207180148.235161-1-smoreland@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3] security: selinux: allow per-file labeling for bpffs From: Steven Moreland To: paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org, keescook@chromium.org, anton@enomsg.org, ccross@android.com, tony.luck@intel.com, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@android.com Cc: "Connor O'Brien" , Steven Moreland Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Connor O'Brien Add support for genfscon per-file labeling of bpffs files. This allows for separate permissions for different pinned bpf objects, which may be completely unrelated to each other. Signed-off-by: Connor O'Brien Signed-off-by: Steven Moreland --- security/selinux/hooks.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d9e8b2131a65..18f8cd47729c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -699,6 +699,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, if (!strcmp(sb->s_type->name, "debugfs") || !strcmp(sb->s_type->name, "tracefs") || !strcmp(sb->s_type->name, "binderfs") || + !strcmp(sb->s_type->name, "bpf") || !strcmp(sb->s_type->name, "pstore")) sbsec->flags |= SE_SBGENFS; -- 2.25.0.341.g760bfbb309-goog v2 -> v3 - on selinux next branch (instead of master)